FileMaker Dry run with Certbot succeeds, real request fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: logbook.austinrowing.org

I ran this command: sudo -E ./fm_request_cert.sh

It produced this output:
austinrc@filemaker Lets_Encrypt % sudo -E ./fm_request_cert.sh
Password:
Enter email for Let's Encrypt Notifications.

Email: ham.richards@austinrowing.org
Enter the domain for Certificate Generation. Note: Wildcards are not supported.
Domain: logbook.austinrowing.org
To import the certificates and restart FileMaker Server, enter the FileMaker Admin Console credentials:
Username:
Password:
austinrc@filemaker Lets_Encrypt % sudo -E ./fm_request_cert.sh
Enter email for Let's Encrypt Notifications.
Email: ham.richards@austinrowing.org
Enter the domain for Certificate Generation. Note: Wildcards are not supported.
Domain: logbook.austinrowing.org
To import the certificates and restart FileMaker Server, enter the FileMaker Admin Console credentials:
Username:
Password:
Do you want to restart FileMaker Server after the certificate is generated?
Restart (0 for no, 1 for yes): 1
Do you want to generate a test certificate?
Test Validation (0 for no, 1 for yes): 1


Generating test certificate request.
Saving debug log to /Library/FileMaker Server/CStore/Certbot/letsencrypt.log
Simulating a certificate request for logbook.austinrowing.org
The dry run was successful.
austinrc@filemaker Lets_Encrypt % sudo -E ./fm_request_cert.sh
Enter email for Let's Encrypt Notifications.

Email: ham.richards@austinrowing.org
Enter the domain for Certificate Generation. Note: Wildcards are not supported.
Domain: logbook.austinrowing.org
To import the certificates and restart FileMaker Server, enter the FileMaker Admin Console credentials:
Username:
Password:
Do you want to restart FileMaker Server after the certificate is generated?
Restart (0 for no, 1 for yes): 1
Do you want to generate a test certificate?
Test Validation (0 for no, 1 for yes): 0


Generating certificate request.
Saving debug log to /Library/FileMaker Server/CStore/Certbot/letsencrypt.log
Requesting a certificate for logbook.austinrowing.org

Successfully received certificate.
Certificate is saved at: /Library/FileMaker Server/CStore/Certbot/live/logbook.austinrowing.org-0003/fullchain.pem
Key is saved at: /Library/FileMaker Server/CStore/Certbot/live/logbook.austinrowing.org-0003/privkey.pem
This certificate expires on 2024-10-26.
These files will be updated when the certificate renews.

NEXT STEPS:

  • The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See User Guide — Certbot 2.12.0.dev0 documentation for instructions.

If you like Certbot, please consider supporting our work by:


realpath: /Library/FileMaker Server/CStore/Certbot/live/logbook.austinrowing.org/privkey.pem: No such file or directory
realpath: /Library/FileMaker Server/CStore/Certbot/live/logbook.austinrowing.org/fullchain.pem: No such file or directory
[ERROR]: An error occurred with certificate generation. No private key found.
austinrc@filemaker Lets_Encrypt %

My web server is (include version): Claris FileMaker Server 21.0.1.51

The operating system my web server runs on is (include version): macOS Ventura 13.3.1 (22E261)

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): FileMaker Server admin console 21.0.1.51

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

The script appears to be saving the certificate and key in logbook.austinrowing.org-0003, and then failing to find them in logbook.austinrowing.org.

I discovered a possible error in the credentials for the server. If that could cause the directory problem, this post can be ignored. Apologies to anyone who has spent any time reading it (I tried to delete it, but got a system error message).

A second run produced a different failure, which I'll report in a separate post.

I see you have had many other threads with similar problems.

This almost certainly is a configuration problem on your system and/or with FileMaker.

It looks to be invoking Certbot from its own script, and it uses some kind of built-in Apache server for its service. How these all work together is best understood by the provider Claris.

Perhaps someone here will have first-hand knowledge of FileMaker and can help. I think your best option is to seek support from Claris. I can see you are likely (again) running into the rate limit problem from too many certs issued in the past week.

And, something has gone wrong with your Certbot config for it to be using the -0003 iteration even though your past certs have all used the same domain name.

3 Likes

I think this is the issue indeed. Usually Certbot does not generate those directories suffixed with e.g. -0003. This also means you have a -0001 and -0002 certificate present, or at least had. But for some reason not a certificate without the suffix.

Can you run sudo certbot certificates?

Not that I'm sure this would fix any issue, as I too believe the issue is with "FileMaker", not Certbot. The way FileMaker seems to implement Certbot is flawed.

2 Likes
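
A read-only check for the mismatch discussed above (certificate saved under a `-0003` directory, script looking in the unsuffixed one), added here as an example; it is not part of any post and is not Claris or Certbot code. The function names and the `example.test` sample tree are constructed for illustration; on the poster's machine the first argument would be `/Library/FileMaker Server/CStore/Certbot/live`.

```shell
#!/bin/sh
# Added example: which Certbot lineage directories for a domain hold a usable
# certificate and key? Directory layout below is constructed for the demo.

# Print "<lineage> complete|incomplete" for DOMAIN and DOMAIN-NNNN under LIVE_DIR.
# -e follows symlinks, so a dangling link into archive/ counts as incomplete.
find_lineages() {
    live_dir=$1; domain=$2
    for dir in "$live_dir/$domain" "$live_dir/$domain"-[0-9][0-9][0-9][0-9]; do
        [ -d "$dir" ] || continue
        if [ -e "$dir/fullchain.pem" ] && [ -e "$dir/privkey.pem" ]; then
            echo "$(basename "$dir") complete"
        else
            echo "$(basename "$dir") incomplete"
        fi
    done
}

# Print the highest-numbered complete lineage; fail if there is none.
newest_complete() {
    find_lineages "$1" "$2" |
        awk '$2 == "complete" { last = $1 } END { if (last == "") exit 1; print last }'
}

# Compare the unsuffixed path a wrapper script expects with what is on disk.
check_expected() {
    live_dir=$1; domain=$2
    if [ -e "$live_dir/$domain/fullchain.pem" ] && [ -e "$live_dir/$domain/privkey.pem" ]; then
        echo "ok: $domain"; return 0
    fi
    actual=$(newest_complete "$live_dir" "$domain") || { echo "missing: no complete lineage"; return 2; }
    echo "mismatch: files are in $actual, not $domain"; return 1
}

# Constructed sample tree: only the -0003 lineage has both files.
make_demo() {
    root=$(mktemp -d)
    mkdir -p "$root/live/example.test-0002" "$root/live/example.test-0003"
    touch "$root/live/example.test-0002/fullchain.pem"
    touch "$root/live/example.test-0003/fullchain.pem" "$root/live/example.test-0003/privkey.pem"
    echo "$root/live"
}

demo=$(make_demo)
find_lineages "$demo" example.test
check_expected "$demo" example.test || true
```

The check only reads the `live` directory; `sudo certbot certificates`, as suggested above, remains the authoritative listing of what Certbot itself manages.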

Thanks, MikeMcQ and Osiris, for your comments.

Your suggestion that the fault lies with FileMaker makes a lot of sense. My efforts to install a LE certificate finally succeeded when I reverted to a script I had been using previously. In case anyone else reports problems like mine, the script that worked for me was created by: David Nahodyl of Blue Feather, on 5/7/2019.

2 Likes
